Wallet Logo

BITHD Watch 1

Latest release: v4.1.8 ( 14th December 2021 ) 🔍 Last analysed 18th April 2022 . Not reproducible from source provided
30th December 2017

Jump to verdict 

Older reviews (show 1 of 1 reproducible)

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

There is currently several red flags about this product.

  • Companion app with terrible rating and accusations
  • No social media links
  • Out of stock product with no word on plans to re-stock

For the latest firmware version, we try the same as last time, wrapped into this script:

$ ./scripts/test/hardware/bithdwatches.sh 4.1.8
...
Filename    : build/bithd-v4.1.8-unsigned.bin
Fingerprint : 7c3126aaff2e983c89f621fa7a3d269385832aeeccc3f13ddd1e540656b059d2
Size        : 417820 bytes (out of 491520 maximum)
Warning: Your Pipfile requires python_version 3.8, but you are using 3.9.2 (/home/leo/.local/share/v/b/bin/python).
  $ pipenv check will surely fail.
Prepare to add metadata ...
Firmware size 418076 bytes
Firmware fingerprint: 7c3126aaff2e983c89f621fa7a3d269385832aeeccc3f13ddd1e540656b059d2
90d795380fa7def90f4924a672b64d086b55892266be8baae12c63871ab6598b  bithd-v4.1.8-signed.bin
1c1
< 00000000: 5452 5a52 1c60 0600 0000 0001 0000 0000  TRZR.`..........
---
> 00000000: 5452 5a52 1c60 0600 0304 0501 0000 0000  TRZR.`..........
5,16c5,16
< 00000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 00000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 00000060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 00000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 00000080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 00000090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
< 000000f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
---
> 00000040: 2d28 206f 38de d998 bd9d 96d4 b845 35ae  -( o8........E5.
> 00000050: 758c b6ae e8ea 6c32 3028 94d7 4300 d300  u.....l20(..C...
> 00000060: fc0c c4db c3dd 4a54 d2d7 8922 267a 7cb4  ......JT..."&z|.
> 00000070: 8032 f675 79c3 e527 54dc 8e8b 3bd2 8460  .2.uy..'T...;..`
> 00000080: 9444 0f18 3490 e32c dc62 aeb4 8ba9 c903  .D..4..,.b......
> 00000090: 675c 7e43 810d d87e bb72 1ac0 4757 a27f  g\~C...~.r..GW..
> 000000a0: f9a8 b6f2 2d28 0f51 83ff bc81 89de a39d  ....-(.Q........
> 000000b0: 4631 332b dce9 b3d2 38c4 fa80 cde0 3fde  F13+....8.....?.
> 000000c0: 09ae 5bcb 7b6e 53dd b391 61a3 de1b 9a06  ..[.{nS...a.....
> 000000d0: d74e 0c37 5d89 7c42 0051 05e0 cd80 edcc  .N.7].|B.Q......
> 000000e0: 1200 16f8 56bf c8c9 e14d dcc6 fd91 2159  ....V....M....!Y
> 000000f0: 35a2 6832 ca7d a678 11c8 48d2 17f1 2c2b  5.h2.}.x..H...,+
425c425
< 00001a80: 8019 0408 0000 0020 c5bc 0020 9219 0408  ....... ... ....
---
> 00001a80: 9519 0408 0000 0020 c5bc 0020 8019 0408  ....... ... ....
12713,12715c12713,12715
< 00031a80: 6269 7463 6f69 6e74 7265 7a6f 722e 636f  bitcointrezor.co
< 00031a90: 6d00 37cb c888 2133 3c8d 0c63 42b1 7fba  m.7...!3<..cB...
< 00031aa0: 9e8d 84b3 757a 0050 696e 206d 6973 6d61  ....uz.Pin misma
---
> 00031a80: f5f3 8317 45a6 190b 00fb 0262 b9c7 09af  ....E......b....
> 00031a90: 7618 49f8 0062 6974 636f 696e 7472 657a  v.I..bitcointrez
> 00031aa0: 6f72 2e63 6f6d 0050 696e 206d 6973 6d61  or.com.Pin misma

This is a bigger diff than we expected. The first two chunks are ok as these are

  • a 3-byte diff in the very beginning, which might be due to different file structure as per chunk #4 but probably nothing malicious.
  • a signature-sized chunk where the compiled version holds zeros. This is expected.

Later chunks though are harder to interpret.

  • Chunk #3 it is again a 2 byte change, where one byte might have moved, indicating some sorting inconsistency … maybe
  • The last chunk again has some sequences moved but it gets hard to interpret as it’s slightly bigger.

In summary, this makes the firmware not verifiable although it all looks pretty harmless as in “too small to actually be malicious”.

Now we would love to get in touch with the provider but their issue tracker is not open. Given their repository has not seen any update in months, together with the lack of social accounts, this product feels pretty unmaintained.

(ml, dg, lw)

Verdict Explained

We could not verify that the provided code matches the binary!

As part of our Methodology, we ask:

Is the published binary matching the published source code? If not, we tag it Unreproducible!

Published code doesn’t help much if it is not what the published binary was built from. That is why we try to reproduce the binary. We

  1. obtain the binary from the provider
  2. compile the published source code using the published build instructions into a binary
  3. compare the two binaries
  4. we might spend some time working around issues that are easy to work around

If this fails, we might search if other revisions match or if we can deduct the source of the mismatch but generally consider it on the provider to provide the correct source code and build instructions to reproduce the build, so we usually open a ticket in their code repository.

In any case, the result is a discrepancy between the binary we can create and the binary we can find for download and any discrepancy might leak your backup to the server on purpose or by accident.

As we cannot verify that the source provided is the source the binary was compiled from, this category is only slightly better than closed source but for now we have hope projects come around and fix verifiability issues.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.